My Oracle Support Banner

Unable To Create Pods On OKE, with error clusterroles.rbac.authorization.k8s.io [pod name] is forbidden: attempt to grant extra privileges (Doc ID 2507140.1)

Last updated on NOVEMBER 29, 2019

Applies to:

Oracle Cloud Infrastructure - Version N/A and later
Information in this document applies to any platform.

Symptoms

Unable to deploy any pod on OKE (Oracle Kubernetes Engine) cluster, with the following error -

Error from server (Forbidden): error when creating "https://raw.xxx.com/kubernetes/xxx/master/deploy/mandatory.yaml": clusterroles.rbac.authorization.k8s.io "xxx" is forbidden: attempt to grant extra privileges: [{[list] [] [configmaps] [] []} {[watch] [] [configmaps] [] []} {[list] [] [endpoints] [] []} {[watch] [] [endpoints] [] []} {[list] [] [nodes] [] []} {[watch] [] [nodes] [] []} {[list] [] [pods] [] []} {[watch] [] [pods] [] []} {[list] [] [secrets] [] []} {[watch] [] [secrets] [] []} {[get] [] [nodes] [] []} {[get] [] [services] [] []} {[list] [] [services] [] []} {[watch] [] [services] [] []} {[get] [extensions] [ingresses] [] []} {[list] [extensions] [ingresses] [] []} {[watch] [extensions] [ingresses] [] []} {[create] [] [events] [] []} {[patch] [] [events] [] []} {[update] [extensions] [ingresses/status] [] []}] user=&{ocid1.user.oc1..xxx.ocid1.user.oc1..xxx [ocid1.compartment.oc1..xxx.system:authenticated] map[ContextType:[OCI] TenancyID:[ocid1.tenancy.oc1..xxx]]} ownerrules=[{[create] [authorization.k8s.io] [xxx xxx] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://raw.xxx.com/kubernetes/ingress-n

Command used:

kubectl apply -f https://raw.zzz.com/kubernetes/xxx/master/deploy/mandatory.yaml

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.